SCS-C02 · Question #180

SCS-C02 Question #180: Real Exam Question with Answer & Explanation

Submitted by chen.hong · Mar 6, 2026 · Data Protection

Question

A company uses AWS Organizations to manage several AWS accounts. The company processes a large volume of sensitive data. The company uses a serverless approach to microservices. The company stores all the data in either Amazon S3 or Amazon DynamoDB. The company reads the data by using either AWS Lambda functions or container-based services that the company hosts on Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Fargate. The company must implement a solution to encrypt all the data at rest and enforce least privilege data access controls. The company creates an AWS Key Management Service (AWS KMS) customer managed key. What should the company do next to meet these requirements?

Options

  • A. Create a key policy that allows the kms:Decrypt action only for Amazon S3 and DynamoDB.
  • B. Create an IAM policy that denies the kms:Decrypt action for the key. Create a Lambda function
  • C. Create a key policy that allows the kms:Decrypt action only for Amazon S3, DynamoDB, Lambda,
  • D. Create a key policy that allows the kms:Decrypt action only for Amazon S3, DynamoDB, Lambda,

Topics

#AWS KMS #Key Policies #Data Encryption #Least Privilege Access